## Paper Archives

T. Herr, B. Schneier, and C. Morris, Taking Stock: Estimating Vulnerability Rediscovery, July 2017 (Revised October 2017).

O. S. Kerr, B. Schneier, Encryption Workarounds, March 2017.

S. Shackelford, B. Schneier, M. Sulmeyer, A. Boustead, B. Buchanan, A. N. Craig Deckard, Trey Herr, J. Malekos Smith, Making Democracy Harder to Hack: Should Elections Be Classified as ‘Critical Infrastructure?’, University of Michigan Journal of Law Reform, v. 50, n. 3, Spring 2017, pp. 629-668.

J. Quinn and B. Schneier, A Proportional Voting System for Awards Nominations Resistant to Voting Blocs, Voting Matters, n. 31, to appear.

B. Schneier, K. Seidel, and S. Vijayakumar, A Worldwide Survey of Encryption Products, February 11, 2016.

U. Gasser, M. G. Olsen, N. Gertner, D. Renan, J. Goldsmith, J. Sanchez, S. Landau, B. Schneier, J. Nye, L. Schwartztol, D. R. O’Brien, and J. Zittrain, Don't Panic: Making Progress on the "Going Dark" Debate, Berkman Center Report, February 1, 2016.

H. Abelson, R. Anderson, S. M. Bellovin, J. Benaloh, M. Blaze, W. Diffie, J. Gilmore, M. Green, S. Landau, P. G. Neumann, R. L. Rivest, J. I. Schiller, B. Schneier, M. Specter, and D. J. Weitzner, Keys Under Doormats: Mandating Insecurity by Requiring Government Access to All Data and Communications, Journal of Cybersecurity, November 2015.

B. Schneier, M. Fredrikson, T. Kohno, and T. Ristenpart, Surreptitiously Weakening Cryptographic Systems, Cryptology ePrint Archive, Report 2015/097, 2015.

A. Czeskis, D. Mah, O. Sandoval, I. Smith, K. Koscher, J. Appelbaum, T. Kohno, and B. Schneier, DeadDrop/Strongbox Security Assessment, UW Computer Science and Engineering Technical Report #13-08-02, August 8, 2013.

B. Schneier, Schneier on Security: Privacy and Control, Journal of Privacy and Confidentiality, v. 2, n.1, 2010.

N. Ferguson, S. Lucks, B. Schneier, D. Whiting, M. Bellare, T. Kohno, J. Callas, and J. Walker, The Skein Hash Function Family, Version 1.2, September 2009.

M. Bellare, T. Kohno, S. Lucks, N. Ferguson, B. Schneier, D. Whiting, J. Callas, and J. Walker, Provable Security Support for the Skein Hash Family, April 2009.

A. Czeskis, D. J. St. Hilaire, K. Koscher, S. D. Gribble, T. Kohno, and B. Schneier, Defeating Encrypted and Deniable File Systems: TrueCrypt v5.1a and the Case of the Tattling OS and Applications, 3rd Usenix Workshop on Hot Topics in Security, 2008.

B. Schneier, The Psychology of Security, AFRICACRYPT 2008, LNCS 5023, Springer-Verlag, 2008, pp. 50-79.

R. Anderson and B. Schneier, Economics of Information Security, IEEE Security and Privacy, 3 (1), 2005, pp. 12-13.

J. Kelsey and B. Schneier,
Second Preimages on n-bit Hash Functions for Much Less than 2^{n} Work, Advances in Cryptology: EUROCRYPT 2005 Proceedings, Springer-Verlag, 2005, pp. 474-490.

D. Whiting, B. Schneier, S. Lucks, and F. Muller, Phelix: Fast Encryption and Authentication in a Single Cryptographic Primitive, ECRYPT Stream Cipher Project Report 2005/027, 2005.

N. Ferguson and B. Schneier, A Cryptographic Evaluation of IPsec, December 2003.

N. Ferguson, D. Whiting, B. Schneier, J. Kelsey, S. Lucks, and T. Kohno, Helix: Fast Encryption and Authentication in a Single Cryptographic Primitive, Fast Software Encryption, 10th International Workshop, FSE 2003, Lund, Sweden, February 24-26, 2003, Revised Papers, Lecture Notes in Computer Science 2887, 2003, pp. 345-362.

K. Jallad, J. Katz, and B. Schneier, Implementation of Chosen-Ciphertext Attacks against PGP and GnuPG, Information Security Conference 2002 Proceedings, Springer-Verlag, 2002, pp. 90-101.

Bruce Schneier, Managed Security Monitoring: Network Security for the 21st Century, Computers & Security, v. 20, 2001, pp. 491-503.

N. Ferguson, J. Kelsey, S. Lucks, B. Schneier, M. Stay, D. Wagner, and D. Whiting, Improved Cryptanalysis of Rijndael, Seventh Fast Software Encryption Workshop, Springer-Verlag, 2001, pp. 213-230.

J. Kelsey, T. Kohno, and B. Schneier, Amplified Boomerang Attacks Against Reduced-Round MARS and Serpent, Seventh Fast Software Encryption Workshop, Springer-Verlag, 2001, pp. 7-93.

J. Katz and B. Schneier, A Chosen Ciphertext Attack against Several E-Mail Encryption Protocols, 9th USENIX Security Symposium, 2000.

B. Schneier, The Fallacy of Trusted Client Software, Information Security Magazine, August 2000.

B. Schneier, J. Kelsey, D. Whiting, D. Wagner, C. Hall, N. Ferguson, T. Kohno, and M. Stay, The Twofish Team's Final Comments on AES Selection, May 15, 2000.

D. Whiting, B. Schneier, and S. Bellovin, AES Key Agility Issues in High-Speed IPsec Implementations, May 15, 2000.

J. Kelsey, Key Separation in Twofish, Twofish Technical Report #7, April 7, 2000.

B. Schneier, The Process of Security, Information Security Magazine, April 2000.

N. Ferguson, B. Schneier, and D. Wagner, Security Weaknesses in Maurer-Like Randomized Stream Ciphers, Fifth Australasian Conference on Information Security and Privacy (ACISP 2000), Springer-Verlag, 2000, pp. 234-241.

J. Kelsey and B. Schneier, MARS Attacks! Preliminary Cryptanalysis of Reduced-Round MARS Variants, Proceedings of the Third AES Candidate Conference, April 2000, pp. 169-185.

T. Kohno, J. Kelsey, and B. Schneier, Preliminary Cryptanalysis of Reduced-Round Serpent, Proceedings of the Third AES Candidate Conference, April 2000, pp. 195-211.

B. Schneier and D. Whiting, A Performance Comparison of the Five AES Finalists, Proceedings of the Third AES Candidate Conference, April 2000, pp. 123-135.

N. Ferguson, J. Kelsey, B. Schneier, and D. Whiting, A Twofish Retreat: Related-Key Attacks Against Reduced-Round Twofish, Twofish Technical Report #6, February 14, 2000.

C. Ellison and B. Schneier, Ten Risks of PKI: What You're Not Being Told About Public Key Infrastructure, Computer Security Journal, v 16, n 1, 2000, pp. 1-7.

C. Ellison, C. Hall, R. Milbert, and B. Schneier, Protecting Secret Keys with Personal Entropy, Future Generation Computer Systems, v. 16, 2000, pp. 311-318.

B. Schneier, Self-Study Course in Block Cipher Cryptanalysis, Cryptologia, v.24, n.1, Jan 2000, pp. 18-34.

J. Kelsey, B. Schneier, D. Wagner, and C. Hall, Side Channel Cryptanalysis of Product Ciphers, Journal of Computer Security, v. 8, n. 2-3, 2000, pp. 141-158.

J. Kelsey and B. Schneier, Key-Schedule Cryptanalysis of DEAL, Sixth Annual Workshop on Selected Areas in Cryptography, Springer Verlag, August 1999.

J. Kelsey, B. Schneier, and N. Ferguson, Yarrow-160: Notes on the Design and Analysis of the Yarrow Cryptographic Pseudorandom Number Generator, Sixth Annual Workshop on Selected Areas in Cryptography, Springer Verlag, August 1999.

B. Schneier, Attack Trees, Dr. Dobb's Journal, December 1999.

B. Schneier, Security in the Real World: How to Evaluate Security Technology, Computer Security Journal, v 15, n 4, 1999, pp. 1-14.

B. Schneier, A Plea for Simplicity, Information Security Magazine, November 1999.

N. Ferguson, Impossible Differentials in Twofish, Twofish Technical Report #5, October 5, 1999.

B. Schneier, Mudge, Cryptanalysis of Microsoft's PPTP Authentication Extensions (MS-CHAPv2), CQRE '99, Springer-Verlag, 1999, pp. 192-203.

J. Kelsey and B. Schneier, Minimizing Bandwidth for Remote Access to Cryptographically Protected Audit Logs, Second International Workshop on the Recent Advances in Intrusion Detection (RAID '99), September 1999.

C. Hall, I. Goldberg, and B. Schneier, Reaction Attacks Against Several Public-Key Cryptosystems, Proceedings of Information and Communication Security, ICICS'99, Springer-Verlag, 1999, pp. 2-12.

B. Schneier and A. Shostack, Breaking Up Is Hard to Do: Modeling Security Threats for Smart Cards, USENIX Workshop on Smart Card Technology, USENIX Press, 1999, pp. 175-185.

John Kelsey and Bruce Schneier, Authenticating Secure Tokens Using Slow Memory Access: Extended Abstract, USENIX Workshop on Smart Card Technology, USENIX Press, 1999, pp. 101-106.

J. Kelsey and B. Schneier, The Street Performer Protocol and Digital Copyrights, First Monday, v. 45, n. 6, June 1999.

D. Whiting, J. Kelsey, B. Schneier, D. Wagner, N. Ferguson, and C. Hall, Further Observations on the Key Schedule of Twofish, Twofish Technical Report #4, March 16, 1999.

E. Biham, A. Biryukov, N. Ferguson, L. Knudsen, B. Schneier, and A. Shamir, Cryptanalysis of Magenta, Second AES Candidate Conference, April 1999.

B. Schneier, J. Kelsey, D. Whiting, D. Wagner, C. Hall, and N. Ferguson, New Results on the Twofish Encryption Algorithm, Second AES Candiate Conference, April 1999.

B. Schneier, J. Kelsey, D. Whiting, D. Wagner, C. Hall, and N. Ferguson, Performance Comparison of the AES Submissions, Proc. Second AES Candidate Conference, NIST, March 1999, pp. 15-34.

D. Wagner, N. Ferguson, and B. Schneier, Cryptanalysis of FROG, Second AES Candiate Conference, April 1999, pp. 175–181.

J. Kelsey, B. Schneier, and D. Wagner, Key Schedule Weakness in SAFER+, Second AES Candidate Conference, April 1999.

J. Kelsey, B. Schneier, and D. Wagner,
Mod *n* Cryptanalysis, with Applications against RC5P and M6, Fast Software Encryption, Sixth International Workshop Proceedings (March 1999), Springer-Verlag, 1999, pp. 139-155.

Bruce Schneier and John Kelsey, Secure Audit Logs to Support Computer Forensics, ACM Transactions on Information and System Security, v. 1, n. 3, 1999, pp. 159-176.

J. Riordan and B. Schneier, A Certified E-Mail Protocol with No Trusted Third Party, 13th Annual Computer Security Applications Conference, ACM Press, December 1998, pp. 347-351.

B. Schneier, The Twofish Encryption Algorithm, Dr. Dobb's Journal, December 1998.

D. Whiting, B. Schneier, Improved Twofish Implementations, Twofish Technical Report #3, December 2, 1998.

B. Schneier, Cryptographic Design Vulnerabilities, IEEE Computer, v. 31, n. 9, Sep 1998, pp. 29-33.

B. Schneier and Mudge, Cryptanalysis of Microsoft's Point-to-Point Tunneling Protocol (PPTP), Proceedings of the 5th ACM Conference on Communications and Computer Security, ACM Press, November 1998, pp. 132-141.

J. Kelsey and B. Schneier, The Street Performer Protocol, The Third USENIX Workshop on Electronic Commerce Proceedings, USENIX Press, November 1998.

B. Schneier, Scrambled Message, Information Security Magazine, October 1998.

D. Whiting, D. Wagner, Empirical Verification of Twofish Key Uniqueness Properties, Twofish Technical Report #2, September 22, 1998.

C. Salter, O. Saydjari, B. Schneier, and J. Wallner, Toward a Secure System Engineering Methodology, New Security Paradigms Workshop, September 1998, pp. 2-10.

N. Ferguson, Upper Bounds on Differential Characteristics in Twofish, Twofish Technical Report #1, August 17, 1998.

C. Hall, J. Kelsey, V. Rijmen, B. Schneier, and D. Wagner., Cryptanalysis of SPEED, Fifth Annual Workshop on Selected Areas in Cryptography, Springer-Verlag, August 1998, pp. 319-338.

D. Wagner, L. Simpson, E. Dawson, J. Kelsey, W. Millan, and B. Schneier, Cryptanalysis of ORYX, Fifth Annual Workshop on Selected Areas in Cryptography, Springer-Verlag, August 1998, pp. 296-305.

B. Schneier, J. Kelsey, D. Whiting, D. Wagner, C. Hall, and N. Ferguson, On the Twofish Key Schedule, Fifth Annual Workshop on Selected Areas in Cryptography, Springer-Verlag, August 1998, pp. 27-42.

C. Hall, D. Wagner, J. Kelsey, and B. Schneier, Building PRFs from PRPs, Advances in Cryptology---Crypto 98 Proceedings, 1998, pp. 370-389.

J. Riordan and B. Schneier, Environmental Key Generation towards Clueless Agents, Mobile Agents and Security, G. Vigna, ed., Springer-Verlag, 1998, pp. 15-24.

C. Hall, J. Kelsey, and B. Schneier and D. Wagner, Cryptanalysis of SPEED (Extended Abstract), Financial Cryptography '98, Springer-Verlag, 1998, pp. 309-310.

B. Schneier, J. Kelsey, D. Whiting, D. Wagner, C. Hall, and N. Ferguson, Twofish: A 128-Bit Block Cipher, June 15, 1998.

J. Kelsey, B. Schneier, D. Wagner, and C. Hall, Cryptanalytic Attacks on Pseudorandom Number Generators, Fast Software Encryption, Fifth International Workshop Proceedings (March 1998), Springer-Verlag, 1998, pp. 168-188.

Don Coppersmith, David Wagner, Bruce Schneier, and John Kelsey, Cryptanalysis of TWOPRIME, Fast Software Encryption, Fifth International Workshop Proceedings (March 1998), Springer-Verlag, 1998, pp. 32-48.

B. Schneier and J. Kelsey, Cryptographic Support for Secure Logs on Untrusted Machines, The Seventh USENIX Security Symposium Proceedings, USENIX Press, January 1998, pp. 53-62.

J. Kelsey, B. Schneier, C. Hall, and D. Wagner, Secure Applications of Low-Entropy Keys, 1997 Information Security Workshop (ISW'97), September 1997, pp. 121-134.

B. Schneier and C. Hall, An Improved E-Mail Security Protocol, 13th Annual Computer Security Applications Conference, ACM Press, December 1997, pp. 232-238.

C. Hall and B. Schneier, Remote Electronic Gambling, 13th Annual Computer Security Applications Conference, ACM Press, December 1997, pp. 227-230.

J. Kelsey, B. Schneier, and D. Wagner, Related-Key Cryptanalysis of 3-WAY, Biham-DES, CAST, DES-X, NewDES, RC2, and TEA, ICICS '97 Proceedings, Springer-Verlag, November 1997, pp. 233-246.

D. Wagner, B. Schneier, and J. Kelsey, Cryptanalysis of the Cellular Message Encryption Algorithm, March 20, 1997.

N. Ferguson and B. Schneier, Cryptanalysis of Akelarre, Fourth Annual Workshop on Selected Areas in Cryptography, August 1997, pp. 201-212.

H. Abelson, R. Anderson, S. M. Bellovin, J. Benaloh, M. Blaze, W. Diffie, J. Gilmore, P. G. Neumann, R. L. Rivest, J. I. Schiller, and B. Schneier, The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption, Revised version, 1998.

J. Kelsey and B. Schneier, Conditional Purchase Orders, 4th ACM Conference on Computer and Communications Security, ACM Press, April 1997, pp. 117-124.

J. Kelsey, B. Schneier, and D. Wagner, Protocol Interactions and the Chosen Protocol Attack, Security Protocols, 5th International Workshop April 1997 Proceedings, Springer-Verlag, 1998, pp. 91-104.

B. Schneier and J. Kelsey, Remote Auditing of Software Outputs Using a Trusted Coprocessor, Journal of Future Generation Computer Systems, v.13, n.1, 1997, pp. 9-18.

B. Schneier and D. Whiting, Fast Software Encryption: Designing Encryption Algorithms for Optimal Software Speed on the Intel Pentium Processor, Fast Software Encryption, Fourth International Workshop Proceedings, (January 1997), Springer-Verlag, 1997, pp. 242-259.

B. Schneier, J. Kelsey, D. Wagner, and C. Hall, An Authenticated Camera, 12th Annual Computer Security Applications Conference, ACM Press, December 1996, pp. 24-30.

B. Schneier and J. Kelsey, A Peer-to-Peer Software Metering System, The Second USENIX Workshop on Electronic Commerce Proceedings, USENIX Press, November 1996, pp. 279-286.

D. Wagner and B. Schneier, Analysis of the SSL 3.0 Protocol, The Second USENIX Workshop on Electronic Commerce Proceedings, USENIX Press, November 1996, pp. 29-40.

B. Schneier, J. Kelsey, and J. Walker, Distributed Proctoring, ESORICS 96 Proceedings, Springer-Verlag, September 1996, pp. 172-182.

B. Schneier and J. Kelsey, Authenticating Outputs of Computer Software Using a Cryptographic Coprocessor, Proceedings 1996 CARDIS, September 1996, pp. 11-24.

J. Kelsey, B. Schneier, and D. Wagner, Key-Schedule Cryptanalysis of 3-WAY, IDEA, G-DES, RC4, SAFER, and Triple-DES, Advances in Cryptology--CRYPTO '96 Proceedings, Springer-Verlag, August 1996, pp. 237-251.

B. Schneier and J. Kelsey, Automatic Event-Stream Notarization Using Digital Signatures, Security Protocols, International Workshop April 1996 Proceedings, Springer-Verlag, 1997, pp. 155-169.

B. Schneier and J. Kelsey, Unbalanced Feistel Networks and Block Cipher Design, Fast Software Encryption, Third International Workshop Proceedings, (February 1996), Springer-Verlag, 1996, pp. 121-144.

M. Blaze, W. Diffie, R. Rivest, B. Schneier, T. Shimomura, E. Thompson, and M. Weiner, Minimal Key Lengths for Symmetric Ciphers to Provide Adequate Commercial Security, January 1996.

M. Jones and B. Schneier, Securing the World Wide Web: Smart Tokens and their Implementation, Proceedings of the Fourth International World Wide Web Conference, December 1995, pp. 397-409.

B. Schneier, The Blowfish Encryption Algorithm—One Year Later, Dr. Dobb's Journal, September 1995.

M. Blaze and B. Schneier, The MacGuffin Block Cipher Algorithm, Fast Software Encryption, Second International Workshop Proceedings, (December 1994), Springer-Verlag, 1995, pp. 97-110.

B. Schneier, The GOST Encryption Algorithm, Dr. Dobb's Journal, v. 20, n.1, January 1995, pp. 123-124.

B. Schneier, A Primer on Authentication and Digital Signatures, Computer Security Journal, v. 10, n. 2, 1994, pp. 38-40.

B. Schneier, Designing Encryption Algorithms for Real People, Proceedings of the 1994 ACM SIGSAC New Security Paradigms Workshop, IEEE Computer Society Press, August 1994, pp. 63-71.

B. Schneier, Description of a New Variable-Length Key, 64-Bit Block Cipher (Blowfish), Fast Software Encryption, Cambridge Security Workshop Proceedings (December 1993), Springer-Verlag, 1994, pp. 191-204.

B. Schneier, Pseudo-Random Sequence Generator for 32-Bit CPUs: A fast, machine-independent generator for 32-bit Microprocessors, Dr. Dobb's Journal, v. 17, n. 2, February 1992, pp. 34-40.

B. Schneier, One-Way Hash Functions, Dr. Dobb's Journal, v. 16, n. 9, September 1991, pp. 148-151.

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.